Security screws have been tightened once more.

[romanof]

Put 15.1 on today and that was a mistake. Suddenly, the screws have been tightened considerably. Nothing that is not approved of by Apple will run and the "Run Anyway" option is gone. Only stuff from Apple or Apple developers is allowed.

Since Macos is still BSD Unix underneath (mostly) that can be hacked through and I have, but this is a continuing push on me to get back to Linux and just consign my Mac to ordinary Internet tasks, in which case a cheap used Mini will do that job just fine.

If anybody cares, one bypass is

sudo spctl --master-disable

then change to the now visible Anywhere in settings/security, find the binary in the application blob and drop it into terminal. A PITA, but will allow one to get back to work until this is sorted out. If it ever is.

One would almost think that Apple believes that they still own my computer.

 

[chabig]

You can still run unnotarized apps. Go to System Setting > Privacy & Security and click the Open Anyway button to confirm your intent to open or install the app.

 

[romanof]

Open Anyway was not there after upgrade to 5.1, until I ran the above command. And even with it appearing after the hack, clicking on open anyway still gets the Apple no-no message. The only way to run it is to drop the binary into terminal after the hack. (Seamonkey - a valid app from that has been around a long time.)

 

[chabig]

Yes. Keep going...

Living with(out) notarization

Notarization is now obligatory for developers, but at the same time, we’re still able to run our own apps that aren’t notarized. Here’s how that works, and why.

eclecticlight.co

 

[Iwavvns]

Since Macos is still BSD Unix underneath (mostly)…

This reminds me of that thought experiment: if you have a boat and begin replacing parts as needed, how much can you replace before the boat is no longer the original boat?

Mac OS X started with BSD Unix, but I think that so much has been changed, and new pieces added, that is no longer the original boat.

 

[Fishrrman]

I DISABLE system integrity protection AND Gatekeeper "right out of the box" on all my Macs.
Don't need such things.

My Macs ran great before Apple introduced such nonsense.
They STILL run fine after I disable it...

 

[romanof]

I DISABLE system integrity protection AND Gatekeeper "right out of the box" on all my Macs.
Don't need such things.

My Macs ran great before Apple introduced such nonsense.
They STILL run fine after I disable it...

Yes, and I will probably do that. My surfing is minimal and text and messages come in on my phone. Most of my use is off line, especially now that I can run an LLM (Jan) locally. I almost never install new programs and the wifi is always turned off unless needed.
So the new security stuff is a PITA, but as I am gradually migrating actual work back to Linux, it matters less and less. (Actually, the "gradually" is rapidly changing to "Get the work moved!"

 

[fisherking]

Yes, and I will probably do that. My surfing is minimal and text and messages come in on my phone. Most of my use is off line, especially now that I can run an LLM (Jan) locally. I almost never install new programs and the wifi is always turned off unless needed.
So the new security stuff is a PITA, but as I am gradually migrating actual work back to Linux, it matters less and less. (Actually, the "gradually" is rapidly changing to "Get the work moved!"

easy.

 

[eltoslightfoot]

You can still run unnotarized apps. Go to System Setting > Privacy & Security and click the Open Anyway button to confirm your intent to open or install the app.

I have done this several times and never had an issue on Sequoia. I never changed any security settings.

 

[n-evo]

You can still run unnotarized apps. Go to System Setting > Privacy & Security and click the Open Anyway button to confirm your intent to open or install the app.

Exactly. Works just fine albeit a bit more of a hassle. I had to look that up though before I realized it was there.

 

[SnacksGU]

You can still run unnotarized apps. Go to System Setting > Privacy & Security and click the Open Anyway button to confirm your intent to open or install the app.

This option literally does not exist for me anymore...

I know others above me mentioned it exists for them.

 

[n-evo]

This option literally does not exist for me anymore...

Could be you have to scroll down in Privacy & Security first time I overlooked it too.

Maybe try removing the app > Restart your Mac > Redownload the app > Open and quit it > Immediately go to System Settings > Privacy & Security > scroll down. There should be an Allow x.app area there.

Open a Mac app from an unknown developer

If you try to open an app by an unknown developer and you see a warning dialog on your Mac, you can override your security settings to open it.

support.apple.com

 

[SnacksGU]

Could be you have to scroll down in Privacy & Security first time I overlooked it too.

Maybe try removing the app > Restart your Mac > Redownload the app > Open and quit it > Immediately go to System Settings > Privacy & Security > scroll down. There should be an Allow x.app area there.

Open a Mac app from an unknown developer

If you try to open an app by an unknown developer and you see a warning dialog on your Mac, you can override your security settings to open it.

support.apple.com

I will try again. I have installed from unknown developers several times (8-15 times in the past/history) with previous OS. Thanks

 

[n-evo]

I first ran into issues with XLD an audio encoder app. After launching it an "Open Anyway" button appeared under the "Security" header. After pressing it XLD launched without an issue.

I do find it annoying Apple is making us jump through hoops like this. The experienced user should be able to have more control over how the OS is handling this, as was the case with older macOS versions.

 

[fisherking]

I first ran into issues with XLD an audio encoder app. After launching it an "Open Anyway" button appeared under the "Security" header. After pressing it XLD launched without an issue.

I do find it annoying Apple is making us jump through hoops like this. The experienced user should be able to have more control over how the OS is handling this, as was the case with older macOS versions.

this is not new, at all, for unsigned apps.

i installed XLD on an early sequoia beta, clicked 'open anyway', and now use the app regularly. hardly seems like jumping thru hoops, to once approve an app...

 

[SG-]

its still right there at the bottom of privacy and security after you try and launch an unsigned app. I personally used to feel the same as you when this entire thing started, but over the last few years I've personally switched and enjoy the defaults as an advanced user with all the recent Mac malware and Mac popularity gaining steam.

I really like how easy I can simply go to system prefs and quickly approve a single app going forward when I'm sure it's safe or my own unsigned compiled apps.

 

[n-evo]

this is not new, at all, for unsigned apps.

i installed XLD on an early sequoia beta, clicked 'open anyway', and now use the app regularly. hardly seems like jumping thru hoops, to once approve an app...

I was referring to the initial process.

 

[fisherking]

I was referring to the initial process.

yes, a one-time thing. so simple...

 

[BigBlur]

Yes. Keep going...

Living with(out) notarization

Notarization is now obligatory for developers, but at the same time, we’re still able to run our own apps that aren’t notarized. Here’s how that works, and why.

eclecticlight.co

That was a good read. I already knew about the "right-click > Open" thing needed to run some third-party apps, but probably would have fallen for this trick if an installer screen from a mounted disk appeared on my screen like this. How sneaky!

(Just to be clear, this is the installer screen. Not instructions to perform somewhere else.)

 

[n-evo]

yes, a one-time thing. so simple...

Per app, per Mac. Once you figure it out (I was used to right click > Open and honestly didn't know about the location in System Settings > Privacy & Security until macOS Sequoia) it isn't that big of deal. Agreed. However, this is the second thread I've come across where "Open Anyway" seemingly fails to show up in System Settings. I've had a similar thing happen in the past where other permissions wouldn't show up. So in that sense it's annoying that Apple is getting rid of alternate routes to achieve the same thing. I get their reasoning though.

I think it's too bad that Apple made the Mac App Store unaccessible the way they did. I installed Windows 11 the other day and pretty much everything is available in the Microsoft Store. Photoshop, InDesign, Firefox, Apple Music, you name it. The Mac App Store is just deserted in comparison, with so many apps missing. Having to download apps from external sources remains commonplace this way.

That was a good read. I already knew about the "right-click > Open" thing needed to run some third-party apps, but probably would have fallen for this trick if an installer screen from a mounted disk appeared on my screen like this. How sneaky!

Sneaky indeed. They'll probably just update it with new instructions though.

 

[Nermal]

this is not new, at all, for unsigned apps.

But as of 15.1, unsigned apps don't run at all (the error message is shown in post #3). You can use "Open Anyway" on non-notarised apps, but they must still be signed or else the Open Anyway button doesn't show up.

 

[BigBlur]

Sneaky indeed. They'll probably just update it with new instructions though.

I figured they'll probably update the instructions, but it wouldn't work as slick anymore and would hopefully throw red flags for the users. I would be thinking "I shouldn't need to go into Settings and do all this work to install/run an app." Though, someone who's not as familiar with Macs still probably wouldn't know any better.

I'm sure we've all seen legitimate installation disks that look something like the screenshot below after mounting them. They typically show the app icon and Applications folder, and you can just drag it right there inside that window for your convenience. (Some of us may have even accidentally ran the app from here.) Now imagine this window telling you to right-click the icon and open. That's what's going on in the article/screenshot above and was a great way to fool users because the right-click/context menu works on this screen. They didn't need to tell you to go somewhere else and do stuff. With the new way, they could still show the instructions, but it won't be as slick or sneaky.

 

[Elhem Enohpi]

This is (formerly) a bug in macOS, in 15.1. It's been fixed in 15.2. If you followed the terrible (and unnecessary) advice to disable System Integrity Protection and disable Gatekeeper, please re-enable them!

Even with the bug, it was possible to run non-signed applications without disabling important macOS security features, by providing an ad-hoc signature with the "codesign" command. The bug didn't affect "anything not approved of by Apple". Most so-called "unsigned" apps are signed with an ad-hoc signature by the developer, if they're not registered with Apple. The bug only affected a few apps with a completely missing signature. Previously, it was possible to run such apps by going to the Privacy & Security settings, or by removing the quarantine attribute. The bug in 15.1 prevented that, but now it's possible again.

 

[bogdanw]

This is (formerly) a bug in macOS, in 15.1. It's been fixed in 15.2. If you followed the terrible (and unnecessary) advice to disable System Integrity Protection and disable Gatekeeper, please re-enable them!

Even with the bug, it was possible to run non-signed applications without disabling important macOS security features, by providing an ad-hoc signature with the "codesign" command. The bug didn't affect "anything not approved of by Apple". Most so-called "unsigned" apps are signed with an ad-hoc signature by the developer, if they're not registered with Apple. The bug only affected a few apps with a completely missing signature. Previously, it was possible to run such apps by going to the Privacy & Security settings, or by removing the quarantine attribute. The bug in 15.1 prevented that, but now it's possible again.

We know
https://forums.macrumors.com/thread...lity-to-launch-unsigned-applications.2441792/

https://forums.macrumors.com/thread...tekeeper-policy-officially-with-15-1.2443080/

Don't worry about having SIP diabled, it's not going to give your Mac cancer.
Merry Christmas!

 

[throAU]

Put 15.1 on today and that was a mistake. Suddenly, the screws have been tightened considerably. Nothing that is not approved of by Apple will run and the "Run Anyway" option is gone. Only stuff from Apple or Apple developers is allowed.

Since Macos is still BSD Unix underneath (mostly) that can be hacked through and I have, but this is a continuing push on me to get back to Linux and just consign my Mac to ordinary Internet tasks, in which case a cheap used Mini will do that job just fine.

If anybody cares, one bypass is

sudo spctl --master-disable

then change to the now visible Anywhere in settings/security, find the binary in the application blob and drop it into terminal. A PITA, but will allow one to get back to work until this is sorted out. If it ever is.

One would almost think that Apple believes that they still own my computer.

if you turn it off, on your head be it. 90 percent of people will never need to and be better protected. if you need to turn it off the option amongst others is there.